* Jonas Sicking wrote: >Another thing that occurred to me is does HTTP caches take the full set >of request headers into account when caching? Otherwise it could be >directly harmful to include Referer-Root and Method-Check headers. The >cache might store an "authorize" reply when the request is made for >Referer-Root A and wrongly respond with the same document is checked for >Referer-Root B.
No, authors have to actively prevent improper caching of the response. Ian suggested that "merely adding a Vary: header with the appropriate values will remove that problem" so even Ian would fail to set this up properly (e.g., Vary would have no effect on simple HTTP/1.0 caches). -- Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
